From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Thu, 09 May 2019 10:30:15 -0700
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E200F308FC5E;
	Thu,  9 May 2019 17:30:13 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-234.rdu2.redhat.com [10.10.120.234])
	by smtp.corp.redhat.com (Postfix) with ESMTP id B335E60CD7;
	Thu,  9 May 2019 17:30:12 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH v2 5/6] CryptoPkg: Upgrade OpenSSL to 1.1.1b
From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, xiaoyux.lu@intel.com
Cc: Jian J Wang <jian.j.wang@intel.com>, Ting Ye <ting.ye@intel.com>
References: <1557379429-7527-1-git-send-email-xiaoyux.lu@intel.com>
 <1557379429-7527-5-git-send-email-xiaoyux.lu@intel.com>
 <ad1c875e-6d07-5931-37fe-d119f357056d@redhat.com>
Message-ID: <38ff9c2f-1d16-4719-18f6-07e84e4d8bf8@redhat.com>
Date: Thu, 9 May 2019 19:30:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <ad1c875e-6d07-5931-37fe-d119f357056d@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Thu, 09 May 2019 17:30:14 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 05/09/19 19:15, Laszlo Ersek wrote:

> How about the following:
> 
> - It seems like we cannot convince OpenSSL to *never* call these
>   functions, under UEFI.
> 
> - We also cannot provide an implementation that is *guaranteed* to be
>   secure enough, IMO.
> 
> - It seems like these functions *should* never be called in the edk2
>   build however, given that we're not trying to do anything "new" with
>   OpenSSL in edk2 -- we just want to use the new OpenSSL release for the
>   same old things.
> 
> - So why not just ensure that these functions *never return*?
> 
> (1) Basically implement all of the functions like this:
> 
>   ASSERT (FALSE);
>   CpuDeadLoop ();
>   //
>   // if a return value is needed
>   //
>   return 0;
> 
> What do you think about this approach?

I notice that "rand" is another module in OpenSSL.

Can we try adding "no-rand" to our Configure invocation? Perhaps the
need for all of the rand_* functions goes away then.

Thanks
Laszlo